At a global meeting of regulators in Geneva (hosted by the UN), one strategist for the International Telecommunications Union (ITU) said the problems caused by spam, viruses and phishing e-mails are such that millions of people may leave the Internet "in frustration and disgust".
Several countries, including Australia, made the right noises about the importance of cooperation at a legislative and enforcement level in bringing the problem -- which has grown to the point that the ITU estimates more than three-quarters of inbound e-mail is unsolicited -- under control.
Australian Communications Authority acting head Bob Horton reportedly told the meeting that unsolicited e-mails were "a disease which has spread around the world -- we have an epidemic on our hands that we need to control".
However, can it be done within two years?
There is little evidence that legislation in itself --be it fraud-related or anti-spam -- is having much effect to date on the volume or nature of unsolicited e-mails reaching our inboxes. While there are encouraging signs that the authors of such e-mails in some countries may be becoming increasingly acquainted with the legal system, in other areas developments are less promising. The fact is that tackling the most malignant form of unsolicited e-mail, those used for a phishing scam, requires an assault on well-entrenched crime syndicates operating in countries where enforcement may prove more difficult than relatively law-abiding nations such as Australia. At this stage, the authors of such scams are staying well ahead of efforts to block them or educate users not to fall for their bait.
While the ITU strategist's comments may sound like hyperbole, they do at least promote the reality that the insidious schemes and techniques used to separate Internet users from their cash threaten to compromise the ability of e-mail and the Internet to reach their potential. Your writer suspects, however, that the two-year time-frame set by the UN to bring unsolicited e-mail under control may be too tight. The war will continue well beyond that.
Two years? Do it in two months (you'd rather, right?) That means use things that already exist, don't depend on any new laws, don't depend on any change in the protocol, don't depend on anything that requires near universal adoption to be of use. Sure, keep using blocklists and filters but you already know those alone aren't enough.
What's left? Easy: go after the abuse. Millions of abuse events occur each day and most are ignored. Do note: they are abuse, they are essential to spam, they can be detected and be used as the basis for action. The usual style today STILL is to let spammers do the abuse unimpeded. (What is done instead of going after the abuse is to shake a finger at the operators of the abused systems. That isn't working to end spam - and the sinmners are the spammers. Go after the sinners.)
More could be done by improving blocklists and filters. If you see how, please go do it.
Use traffic analysis to find the source of spam abuse. Many times the source of abuse will also be an abused system: use traffic analysis to find the source of the input to that abused system.
Also, educate ISPs (it can partially be self-education on their part) as to what spammer abuse is and how it is done. Emphasize the outward appearance of the abuse, the ways it can be recognized because it looks different form legitimate network traffic.
Start getting serious about stopping the abuse (and about punishing it when that is posible) and the spammers will take a very big hit. Keep letting the abuse be done, unopposed, and keep what we have: spam out of control.
OK?